Skip to content

ci: add Allstar enforcement action with SARIF upload#77

Merged
justaugustus merged 1 commit intomainfrom
allstar-gha-test
Mar 24, 2026
Merged

ci: add Allstar enforcement action with SARIF upload#77
justaugustus merged 1 commit intomainfrom
allstar-gha-test

Conversation

@justaugustus
Copy link
Copy Markdown
Member

@justaugustus justaugustus commented Mar 24, 2026

Summary

  • Add GitHub Actions workflow to run Allstar with SARIF upload from the evidence-upload branch

Context

Testing the evidence upload feature from ossf/allstar as a GitHub Action deployment.

Setup required

Before merging, create a prod environment on this repo:

  1. Go to Settings > Environments > New environment → name it prod
  2. Under Environment variables, add APP_ID with the GitHub App's ID
  3. Under Environment secrets, add PRIVATE_KEY with the contents of the App private key PEM

Test plan

  • Create prod environment with App secrets
  • Merge this PR
  • Verify workflow runs via Actions tab
  • Verify SARIF appears in repo Security tabs
  • Clean up after testing

🤖 Generated with Claude Code

@kusari-inspector
Copy link
Copy Markdown

kusari-inspector bot commented Mar 24, 2026

⚠️ Workspace Mapping Required

Hello! We noticed that your GitHub organization is not yet mapped to a Kusari workspace. Kusari Inspector now requires installations to be associated with a Kusari workspace.

⚠️ NOTE: Only the admin who installed the Kusari GitHub App can complete these steps. If the admin is unable to complete these steps, please contact support@kusari.dev

To complete the setup:

  1. Visit https://console.us.kusari.cloud/auth/github and log in via github
  2. If you have only one workspace, it will be automatically selected for you
  3. Once the mapping is complete, return here and create a new comment with: @kusari-inspector re-run

This will trigger the analysis to run again.

For more information, or if you need help, visit https://github.com/kusaridev/community/discussions

1 similar comment
@kusari-inspector
Copy link
Copy Markdown

kusari-inspector bot commented Mar 24, 2026

⚠️ Workspace Mapping Required

Hello! We noticed that your GitHub organization is not yet mapped to a Kusari workspace. Kusari Inspector now requires installations to be associated with a Kusari workspace.

⚠️ NOTE: Only the admin who installed the Kusari GitHub App can complete these steps. If the admin is unable to complete these steps, please contact support@kusari.dev

To complete the setup:

  1. Visit https://console.us.kusari.cloud/auth/github and log in via github
  2. If you have only one workspace, it will be automatically selected for you
  3. Once the mapping is complete, return here and create a new comment with: @kusari-inspector re-run

This will trigger the analysis to run again.

For more information, or if you need help, visit https://github.com/kusaridev/community/discussions

@justaugustus @claude
ci: add Allstar enforcement action with SARIF upload
fc8b88b 
Add a GitHub Actions workflow that builds Allstar from the
evidence-upload branch (ossf/allstar) and runs the Scorecard
policy with SARIF upload enabled.

This workflow:
- Builds Allstar from source (evidence-upload branch)
- Runs with -once -policy "OpenSSF Scorecard"
- Uploads SARIF results to each repo's Security > Code Scanning tab
- Archives scan logs as artifacts
- Runs daily and on push to main

Requires a "prod" environment with:
- Variable: APP_ID (GitHub App ID)
- Secret: PRIVATE_KEY (GitHub App private key PEM)

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Stephen Augustus <foo@auggie.dev>
@kusari-inspector
Copy link
Copy Markdown

kusari-inspector bot commented Mar 24, 2026

⚠️ Workspace Mapping Required

Hello! We noticed that your GitHub organization is not yet mapped to a Kusari workspace. Kusari Inspector now requires installations to be associated with a Kusari workspace.

⚠️ NOTE: Only the admin who installed the Kusari GitHub App can complete these steps. If the admin is unable to complete these steps, please contact support@kusari.dev

To complete the setup:

  1. Visit https://console.us.kusari.cloud/auth/github and log in via github
  2. If you have only one workspace, it will be automatically selected for you
  3. Once the mapping is complete, return here and create a new comment with: @kusari-inspector re-run

This will trigger the analysis to run again.

For more information, or if you need help, visit https://github.com/kusaridev/community/discussions

@justaugustus justaugustus merged commit 5ea41c5 into main Mar 24, 2026
1 check passed
@justaugustus justaugustus deleted the allstar-gha-test branch March 24, 2026 04:31
@justaugustus justaugustus mentioned this pull request Mar 27, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@justaugustus